Kombis, spoofers and phishers

The older I get the more I reckon Christmas is encapsulated by two things: children and traditions.

Kids' electrically charged anticipation leading up to the event with the pure, uninhibited joy of watching them opening presents in front of the tree; and the traditions that families have, whether it be food, music or events.

The two big Christmas traditions in the O'Donnell household are Bob Dylan's dreadful Christmas carol album and a bathtub-green 1971 Volkswagen Kombi.

We picked up the Kombi eight years ago, spent a year doing it up and every January we take to the road in search of remote beaches and no cellphone coverage.

Kombis go everywhere slowly. Ours has the 1600 "twin port" motor, so instead of the regular 45 horsepower we get the positively athletic 48 horse option.

This means our open-road speed is a tad under 90kph, so there's plenty of time to smell the countryside we pass through.

For all that, it's never let us down. Part of this is good design that has stood the test of time, but the big part is preventive maintenance. It gets fresh oil every 4000km and a grease every three months, and as a result it's always delivered a stress-free Christmas.

Plenty of people didn't have a stress-free Christmas in cyber-land. The holidays provide scammers with three conditions that increase the likelihood of scamming innocents: the much-increased volume of credit card activity (so you are less vigilant at reviewing transactions); the overloaded shipping volumes (so you are unsurprised if a purchase is delayed); and the impact of holidays on clearing emails (so you are more likely to be opening emails on a smart phone than firewall-enabled machines).

This year was no exception, with a large range of underhanded activity and cyber-attacks.

The first inkling I had was when I was emailed by the chairman of one of New Zealand's largest companies saying he had files he urgently wanted me to see.

Turns out he was one of thousands of Gmail clients whose identity was compromised as a result of a phishing attack out of Malaysia, seeking to steal punters' bank identities over the holiday period.

The next big one was photo messaging service Snapchat, which had 4.6 million usernames and phone numbers pinched through a known weakness on its website. Not only did the hackers steal the data, they published it online, opening the door for consequent identity theft.

The biggest local cyber nasty of the holidays was the combination of spoofing and phishing to hit Telecom and its besieged Yahoo! Xtra webmail service.

This was the fourth time that Telecom's webmail service had been compromised in the last year, with a previous event being described by the Internet Safety Group as the biggest attack of its type to occur in Godzone with 87,000 folks reported as having had their email accounts corrupted.

Spoofing involves the forged use of an email address to send vexatious or malicious emails. The email looks like it's coming from someone you know and trust, but it's more likely to be some scumball in Asia or Central Europe.

Phishing is similar but different. It's effectively social engineering which selects large scale online service providers (typically banks, ISPs, marketplaces and tax departments) and sends you an email that purports to be from them.

It then connects you to a duplicate of their website which harvests your login details to steal your money or your identity.

Both are numbers games. The perpetrators harness server farms which send millions of emails a week, as the opportunity cost is virtually zero and the returns lucrative. The question that both come down to, is how did the scammers source the Xtra email addresses in the first place?

There are two main possibilities.

The first is that they were harvested either through web crawlers, or using the simple formula of firstname.secondname@corporatename.co.nz. And the biggest corporate names to use are ISPs - so think Xtra, Vodafone, Slingshot, Telstra, and the like.

The second is that the email addresses were obtained during last year's hacking of the Yahoo! Xtra platform. In other words, the scammers put the data aside until the perfect storm of the Christmas holidays was underway, and then let battle commence.

Given both the timing and the targeting of Telecom clients, I reckon it's the latter. I put the question to Telecom five days ago but they didn't reply.

If my paranoid theory is right, then there's little you can do but delete queer-looking emails, change your password and perhaps your email provider.

However there is a very simple step you can take to prevent being targeted through web harvesting, and that's to avoid having a personal email address of firstname.secondname@isp.co.nz.

In terms of bang for buck I reckon it's the best preventative maintenance you can carry out. And hopefully, like my dear old Kombi, it might help deliver a stress-free Christmas next year.

Mike "MOD" O'Donnell is a professional director, eCommerce manager and former Netsafe board member. His Twitter handle is @modsta and he's lost more money on old cars than online scams (so far).